What is missing?

Not explicit, or encoded.

Domain specific cookie

How does adtech/publish

Sam - hack an extension

Andrew- background reading - to try to figure out what we can express via the cookie

Sean - ICONS

Sal - JSON purposes

Key aspects of the consent cookie:

Go here for all the links to the Transparency & Consent Framework

http://advertisingconsent.eu/

Create a cookie that is honored by the advertiser selling space on wired.com

Are there configurations of the cookie as defined in the document that are person friendly so they don’t have to do this every time (maybe?)  Can we change the bits to accomplish this?

If we can parse what is in the cookie/api we can suggest additional functionality (get them to add purposes)

Hack the cookie or hack the specification. (short term)

Hacking the cookie can make it easier for the user...

We can become the CMP… is this chosen by the vendor, if so we could then go to them indivually

And write a vendor consent cookie, that has specific (defined by us) purposes (only 6)

Can we create an EFF, Customer Commons CMP or set others up to do so…. And possibly create a consortium to do so (long term)

[NOTE: Here’s a blog about one vendor’s CMP https://www.sovrn.com/blog/sovrn-gdpr-cmp/   ]

We could do a rogue version.

Refer to JSON for specific references…

Publisher purposes consent cookie format could be flipped to achieve global purposes not vendor specific.

Using the official vendor list but can hack that.

https://vendorlist.consensu.org/vendorlist.json

Chrome Extension API for client side cookie hacking:

https://developer.chrome.com/extensions/cookies#method-set

https://hangouts.google.com/call/f71g1SrzihwRublHgFC2AAEE

1. Mechanics

Mechanics of Chrome extension

 Base extention: https://github.com/TelegramSam/ConsentCookieManager

Mechanics of encoding

Mechanics of cookie extension.

2. Mapping of purposes for our CMP

Become the only CMP that could be chosen by the uers

3. Move some of this into Kantara Consent Management?

Registered CMPs

http://advertisingconsent.eu/iab-europe-transparency-consent-framework-list-of-registered-cmps/

ID

Company Name

Website

Sub-Domain

9

Admiral

getadmiral.com

admiral.mgr.consensu.org

2

Chandago

chandago.com

appconsent.mgr.consensu.org

23

Conversant Europe Ltd.

conversantmedia.eu

conversant.mgr.consensu.org

7

Didomi

didomi.io

didomi.mgr.consensu.org

3

Faktor BV

faktor.io

faktor.mgr.consensu.org

12

Germantag Web Services

germantag.de

germantag.mgr.consensu.org

10

Quantcast International Limited

quantcast.com

quantcast.mgr.consensu.org

6

Sourcepoint Technologies, Inc.

sourcepoint.com

sourcepoint.mgr.consensu.or

Icons…

Purposes

IAB E Says

Customer Commons Says

Relevant GDPR Articles

Storage and access of information

You can ask us to delete/forget when you want

Article 18

Right to restriction of processing

Article 17

Right to erasure (‘right to be forgotten’)

Personalisation

Tracking (GDPR: Profiling)

Article 21

Right to object

Article 22

Automated individual decision-making, including profiling

Ad selection, delivery, reporting

My topic prefs and exclusions

Content selection, delivery, reporting

Where do I see the logs?

Measurement (Analytics etc.)

Only aggregate info allowed (at least c. 10 subjects)

Duration?

Features

Matching Data to Offline Sources

If you use my data to correlate me with my offline self, you will notify me

Linking Devices

If you link my devices through pivotal data points I supply implicitly or explicitly, you will notify me?

Precise Geographic Locations

Vendors


Features

These are the currently-defined Features from the

 https://vendorlist.consensu.org/vendorlist.json file

    "features": [

        {

            "description": "Combining data from offline sources that were initially collected in other contexts.",

            "id": 1,

            "name": "Matching Data to Offline Sources"

        },

        {

            "description": "Allow processing of a user's data to connect such user across multiple devices.",

            "id": 2,

            "name": "Linking Devices"

        },

        {

            "description": "Allow processing of a user's precise geographic location data in support of a purpose for which that certain third party has consent.",

            "id": 3,

            "name": "Precise Geographic Location Data"

        }

    ],


Purposes

These are the currently-defined Purposes from the

 https://vendorlist.consensu.org/vendorlist.json file

    "purposes": [

        {

            "description": "The storage of information, or access to information that is already stored, on your device such as accessing advertising identifiers and/or other device identifiers, and/or using cookies or similar technologies.",

            "id": 1,

            "name": "Storage and access of information"

        },

        {

            "description": "The collection and processing of information about your use of this site to subsequently personalize advertising for you in other contexts, i.e. on other sites or apps, over time. Typically, the content of the site or app is used to make inferences about your interests which inform future selections.",

            "id": 2,

            "name": "Personalisation"

        },

        {

            "description": "The collection of information, and combination with previously collected information, to select and deliver advertisements for you, and to measure the delivery and effectiveness of such advertisements. This includes using previously collected information about your interests to select ads, processing data about what advertisements were shown, how often they were shown, when and where they were shown, and whether you took any action related to the advertisement, including for example clicking an ad or making a purchase. ",

            "id": 3,

            "name": "Ad selection, delivery, reporting"

        },

        {

            "description": "The collection of information, and combination with previously collected information, to select and deliver content for you, and to measure the delivery and effectiveness of such content. This includes using previously collected information about your interests to select content, processing data about what content was shown, how often or how long it was shown, when and where it was shown, and whether the you took any action related to the content, including for example clicking on content. ",

            "id": 4,

            "name": "Content selection, delivery, reporting"

        },

        {

            "description": "The collection of information about your use of the content, and combination with previously collected information, used to measure, understand, and report on your usage of the content.",

            "id": 5,

            "name": "Measurement"

        }

    ],

Ad Vendors

{
 "vendorListVersion": 9,
 "lastUpdated": "2018-04-26T16:01:58Z",
 "purposes": [
   {
     "id": 1,
     "name": "Storage and access of information",
     "description": "The storage of information, or access to information that is already stored, on your device such as accessing advertising identifiers and\/or other device identifiers, and\/or using cookies or similar technologies."
   },
   {
     "id": 2,
     "name": "Personalisation",
     "description": "The collection and processing of information about your use of this site to subsequently personalize advertising for you in other contexts, i.e. on other sites or apps, over time. Typically, the content of the site or app is used to make inferences about your interests which inform future selections."
   },
   {
     "id": 3,
     "name": "Ad selection, delivery, reporting",
     "description": "The collection of information, and combination with previously collected information, to select and deliver advertisements for you, and to measure the delivery and effectiveness of such advertisements. This includes using previously collected information about your interests to select ads, processing data about what advertisements were shown, how often they were shown, when and where they were shown, and whether you took any action related to the advertisement, including for example clicking an ad or making a purchase. "
   },
   {
     "id": 4,
     "name": "Content selection, delivery, reporting",
     "description": "The collection of information, and combination with previously collected information, to select and deliver content for you, and to measure the delivery and effectiveness of such content. This includes using previously collected information about your interests to select content, processing data about what content was shown, how often or how long it was shown, when and where it was shown, and whether the you took any action related to the content, including for example clicking on content. "
   },
   {
     "id": 5,
     "name": "Measurement",
     "description": "The collection of information about your use of the content, and combination with previously collected information, used to measure, understand, and report on your usage of the content."
   }
 ],
 "features": [
   {
     "id": 1,
     "name": "Matching Data to Offline Sources",
     "description": "Combining data from offline sources that were initially collected in other contexts."
   },
   {
     "id": 2,
     "name": "Linking Devices",
     "description": "Allow processing of a user's data to connect such user across multiple devices."
   },
   {
     "id": 3,
     "name": "Precise Geographic Location Data",
     "description": "Allow processing of a user's precise geographic location data in support of a purpose for which that certain third party has consent."
   }
 ],
 "vendors": [
   {
     "id": 8,
     "name": "Emerse Sverige AB",
     "policyUrl": "https:\/\/www.emerse.com\/privacy-policy\/",
     "purposeIds": [
       1,
       2,
       4
     ],
     "legIntPurposeIds": [
       3,
       5
     ],
     "featureIds": [
       1,
       2
     ]
   },
   {
     "id": 12,
     "name": "BeeswaxIO Corporation",
     "policyUrl": "https:\/\/www.beeswax.com\/privacy.html",
     "purposeIds": [
       1,
       3,
       5
     ],
     "legIntPurposeIds": [
       
     ],
     "featureIds": [
       3
     ]
   },
   {
     "id": 28,
     "name": "TripleLift, Inc.",
     "policyUrl": "https:\/\/triplelift.com\/privacy\/",
     "purposeIds": [
       1,
       3
     ],
     "legIntPurposeIds": [
       
     ],
     "featureIds": [
       3
     ]
   },
   {
     "id": 9,
     "name": "AdMaxim Inc.",
     "policyUrl": "http:\/\/www.admaxim.com\/privacy\/",
     "purposeIds": [
       1,
       2,
       3,
       4,
       5
     ],
     "legIntPurposeIds": [
       
     ],
     "featureIds": [
       1,
       2,
       3
     ]
   },
   {
     "id": 27,
     "name": "ADventori SAS",
     "policyUrl": "https:\/\/www.adventori.com\/with-us\/legal-notice\/",
     "purposeIds": [
       2
     ],
     "legIntPurposeIds": [
       1,
       3,
       4,
       5
     ],
     "featureIds": [
       
     ]
   },
   {
     "id": 25,
     "name": "Oath (EMEA) Limited",
     "policyUrl": "https:\/\/policies.oath.com\/ie\/en\/oath\/privacy\/index.html",
     "purposeIds": [
       1,
       2
     ],
     "legIntPurposeIds": [
       3,
       5
     ],
     "featureIds": [
       1,
       2,
       3
     ]
   },
   {
     "id": 26,
     "name": "Venatus Media Limited",
     "policyUrl": "https:\/\/www.venatusmedia.com\/privacy\/",
     "purposeIds": [
       1,
       2,
       3,
       4,
       5
     ],
     "legIntPurposeIds": [
       
     ],
     "featureIds": [
       
     ]
   },
   {
     "id": 1,
     "name": "Exponential Interactive, Inc",
     "policyUrl": "http:\/\/exponential.com\/privacy",
     "purposeIds": [
       1,
       2,
       3,
       4,
       5
     ],
     "legIntPurposeIds": [
       
     ],
     "featureIds": [
       
     ]
   },
   {
     "id": 6,
     "name": "AdSpirit GmbH",
     "policyUrl": "http:\/\/www.adspirit.de\/privacy",
     "purposeIds": [
       1,
       2,
       3,
       4,
       5
     ],
     "legIntPurposeIds": [
       
     ],
     "featureIds": [
       
     ]
   },
   {
     "id": 30,
     "name": "BidTheatre AB",
     "policyUrl": "https:\/\/www.bidtheatre.com\/privacy-policy",
     "purposeIds": [
       1,
       2,
       3
     ],
     "legIntPurposeIds": [
       
     ],
     "featureIds": [
       2,
       3
     ]
   },
   {
     "id": 24,
     "name": "Conversant Europe Ltd.",
     "policyUrl": "https:\/\/www.conversantmedia.eu\/legal\/privacy-policy",
     "purposeIds": [
       1
     ],
     "legIntPurposeIds": [
       2,
       3,
       4,
       5
     ],
     "featureIds": [
       1,
       2,
       3
     ]
   },
   {
     "id": 29,
     "name": "Etarget SE",
     "policyUrl": "https:\/\/www.etarget.sk\/privacy.php",
     "purposeIds": [
       1,
       2,
       3,
       4,
       5
     ],
     "legIntPurposeIds": [
       
     ],
     "featureIds": [
       1
     ]
   },
   {
     "id": 39,
     "name": "ADITION technologies AG",
     "policyUrl": "adition.com\/datenschutz",
     "purposeIds": [
       
     ],
     "legIntPurposeIds": [
       1,
       2,
       3,
       4,
       5
     ],
     "featureIds": [
       1,
       2,
       3
     ]
   },
   {
     "id": 11,
     "name": "Quantcast International Limited",
     "policyUrl": "https:\/\/www.quantcast.com\/privacy\/",
     "purposeIds": [
       1
     ],
     "legIntPurposeIds": [
       2,
       3,
       4,
       5
     ],
     "featureIds": [
       1
     ]
   },
   {
     "id": 15,
     "name": "Adikteev",
     "policyUrl": "https:\/\/www.adikteev.com\/eu\/privacy\/",
     "purposeIds": [
       1,
       2
     ],
     "legIntPurposeIds": [
       
     ],
     "featureIds": [
       
     ]
   },
   {
     "id": 4,
     "name": "Roq.ad GmbH",
     "policyUrl": "https:\/\/www.roq.ad\/privacy-policy",
     "purposeIds": [
       1,
       2,
       3,
       4,
       5
     ],
     "legIntPurposeIds": [
       
     ],
     "featureIds": [
       2,
       3
     ]
   },
   {
     "id": 7,
     "name": "Vibrant Media Limited",
     "policyUrl": "https:\/\/www.vibrantmedia.com\/en\/privacy-policy\/",
     "purposeIds": [
       2,
       3,
       4,
       5
     ],
     "legIntPurposeIds": [
       1
     ],
     "featureIds": [
       
     ]
   },
   {
     "id": 2,
     "name": "Captify Technologies Limited",
     "policyUrl": "http:\/\/www.captify.co.uk\/privacy-policy\/",
     "purposeIds": [
       2,
       3,
       5
     ],
     "legIntPurposeIds": [
       1
     ],
     "featureIds": [
       2
     ]
   },
   {
     "id": 37,
     "name": "NEURAL.ONE",
     "policyUrl": "https:\/\/web.neural.one\/privacy-policy\/",
     "purposeIds": [
       1,
       2,
       3,
       5
     ],
     "legIntPurposeIds": [
       
     ],
     "featureIds": [
       1,
       2
     ]
   },
   {
     "id": 13,
     "name": "Sovrn Holdings Inc",
     "policyUrl": "https:\/\/www.sovrn.com\/sovrn-privacy\/",
     "purposeIds": [
       1,
       2,
       3
     ],
     "legIntPurposeIds": [
       
     ],
     "featureIds": [
       2,
       3
     ]
   },
   {
     "id": 34,
     "name": "NEORY GmbH",
     "policyUrl": "https:\/\/www.neory.com\/privacy.html",
     "purposeIds": [
       1,
       2,
       4,
       5
     ],
     "legIntPurposeIds": [
       3
     ],
     "featureIds": [
       
     ]
   },
   {
     "id": 32,
     "name": "AppNexus Inc.",
     "policyUrl": "https:\/\/www.appnexus.com\/en\/company\/platform-privacy-policy",
     "purposeIds": [
       1
     ],
     "legIntPurposeIds": [
       3
     ],
     "featureIds": [
       2,
       3
     ]
   },
   {
     "id": 10,
     "name": "Index Exchange, Inc. ",
     "policyUrl": "www.indexexchange.com\/privacy",
     "purposeIds": [
       1,
       2,
       3,
       4,
       5
     ],
     "legIntPurposeIds": [
       
     ],
     "featureIds": [
       2,
       3
     ]
   },
   {
     "id": 57,
     "name": "ADARA MEDIA UNLIMITED",
     "policyUrl": "https:\/\/adara.com\/2018\/04\/10\/adara-gdpr-faq\/",
     "purposeIds": [
       1,
       2,
       3,
       4,
       5
     ],
     "legIntPurposeIds": [
       
     ],
     "featureIds": [
       1,
       2
     ]
   },
   {
     "id": 63,
     "name": "Avocet Systems Limited",
     "policyUrl": "http:\/\/www.avocet.io\/privacy-policy",
     "purposeIds": [
       
     ],
     "legIntPurposeIds": [
       1,
       3
     ],
     "featureIds": [
       
     ]
   },
   {
     "id": 51,
     "name": "xAd, Inc. dba GroundTruth",
     "policyUrl": "https:\/\/www.groundtruth.com\/privacy-policy\/",
     "purposeIds": [
       1,
       2,
       3,
       4,
       5
     ],
     "legIntPurposeIds": [
       
     ],
     "featureIds": [
       1,
       2,
       3
     ]
   },
   {
     "id": 49,
     "name": "Tradelab, SAS",
     "policyUrl": "http:\/\/tradelab.com\/en\/privacy\/",
     "purposeIds": [
       1,
       2,
       3
     ],
     "legIntPurposeIds": [
       5
     ],
     "featureIds": [
       1,
       2,
       3
     ]
   },
   {
     "id": 45,
     "name": "Smart Adserver",
     "policyUrl": "http:\/\/smartadserver.com\/company\/privacy-policy\/",
     "purposeIds": [
       1,
       2
     ],
     "legIntPurposeIds": [
       3,
       5
     ],
     "featureIds": [
       3
     ]
   },
   {
     "id": 52,
     "name": "The Rubicon Project, Limited",
     "policyUrl": "http:\/\/rubiconproject.com\/rubicon-project-yield-optimization-privacy-policy\/",
     "purposeIds": [
       1
     ],
     "legIntPurposeIds": [
       2,
       3,
       4,
       5
     ],
     "featureIds": [
       3
     ]
   },
   {
     "id": 35,
     "name": "Purch Group, Inc.",
     "policyUrl": "http:\/\/www.purch.com\/privacy-policy\/",
     "purposeIds": [
       1
     ],
     "legIntPurposeIds": [
       3,
       5
     ],
     "featureIds": [
       
     ]
   },
   {
     "id": 71,
     "name": "Dataxu, Inc. ",
     "policyUrl": "https:\/\/www.dataxu.com\/about-us\/privacy\/data-collection-platform\/",
     "purposeIds": [
       1,
       2,
       3
     ],
     "legIntPurposeIds": [
       
     ],
     "featureIds": [
       1,
       2,
       3
     ]
   },
   {
     "id": 79,
     "name": "MediaMath, Inc.",
     "policyUrl": "http:\/\/www.mediamath.com\/privacy-policy\/",
     "purposeIds": [
       1
     ],
     "legIntPurposeIds": [
       2,
       3,
       4,
       5
     ],
     "featureIds": [
       1,
       2,
       3